セキュリティと VPN : 認証プロトコル

VPDN 向け RADIUS 認証の設定方法

2002 年 12 月 13 日 - ライター翻訳版
その他のバージョン: PDFpdf | 機械翻訳版 (2013 年 8 月 21 日) | 英語版 (2008 年 2 月 26 日) | フィードバック

目次

概要
はじめに
     表記法
     前提条件
     使用するコンポーネント
     背景理論
構成
     ネットワーク ダイアグラム
     サーバ構成
     ルータ設定
確認
トラブルシューティング
     トラブルシューティングのためのコマンド
     デバッグ出力
関連するシスコ サポート コミュニティ ディスカッション
関連情報

概要

この文書では、Virtual Private Dial-Up Network(VPDN; 仮想私設ダイヤルアップ ネットワーク)で RADIUS 認証の使用を可能にするための設定例を紹介します。

はじめに

表記法

文書の表記法の詳細は、「シスコ テクニカル ティップスの表記法」を参照してください。

前提条件

この文書に関する特別な前提条件はありません。

使用するコンポーネント

この文書の情報は、次のソフトウェアとハードウェアのバージョンに基づいています。

  • Cisco Secure ACS UNIX 2.x.x または Merit RADIUS

  • Cisco IOS(R) ソフトウェア リリース 11.2

この文書の情報は、特定のラボ環境にあるデバイスに基づいて作成されています。また、この文書で使用するデバイスは、すべて初期(デフォルト)の設定で起動しています。実稼動中のネットワークで作業をしている場合、実際にコマンドを使用する前に、その潜在的な影響について理解しておく必要があります。

背景理論

この例では、ユーザは「jsmith@hp.com」、パスワードは「test」とします。「jsmith@hp.com」が ISP ルータにダイヤルすると、ISP ルータは「hp.com」userid を ISP サーバに送信します。ISP サーバは「hp.com」userid を検索してその tunnel-id("isp")、home gateway(HGW; ホーム ゲートウェイ)ルータ(10.31.1.50)の IP アドレス、Network Access Server(NAS; ネットワーク アクセスサーバ)のパスワード(「hello」)、およびゲートウェイのパスワード(「there」)を ISP ルータに返信します。ISP ルータは 10.31.1.50 HGW ルータに接続し、このルータがローカルでユーザ「hp-gw」を認証して userid「isp」用パスワード(「hello」)を HGW サーバに転送します。ISP ルータは、HGW ルータにダイヤルしているユーザの userid(「jsmith@hp.com」)とパスワード(「test」)を転送します。このユーザは HGW サーバに認証されています。この例では、ISP ルータの名前は「Koala」、HGW ルータの名前は「sneetches」とします。

構成

このセクションでは、この文書で説明する機能を設定するための情報を記載します。

ネットワーク ダイアグラム

この文書では、次の図に示すネットワーク設定を使用します。

vpdn_rad.gif

サーバ構成

Merit RADIUS の設定

  Server must support Cisco av-pairs!
  # This user is on the ISP server!
  hp.com Password = "cisco"
  Service-Type = Outbound-User,
  cisco-avpair = "vpdn:tunnel-id=isp",
  cisco-avpair = "vpdn:ip-addresses=10.31.1.50",
  cisco-avpair = "vpdn:nas-password=hello",
  cisco-avpair = "vpdn:gw-password=there"
  
  # The next 2 users are on the HGW Server!
  isp Password = "hello",
  Service-Type = Framed,
  Framed-Protocol = PPP
  
  jsmith@hp.com Password = "test",
  Service-Type = Framed,
  Framed-Protocol = PPP

Cisco Secure ACS UNIX 2.x.x の設定

# This user is on the ISP server!
  # ./ViewProfile -p 9900 -u hp.com
  User Profile Information
  user = hp.com{
  profile_id = 86
  profile_cycle = 1
  RADIUS=Cisco {
  check_items= {
  2="cisco"
  }
  reply_attributes= {
  9,1="vpdn:tunnel-id=isp"
  9,1="vpdn:ip-addresses=10.31.1.50"
  9,1="vpdn:NAS-password=hello"
  9,1="vpdn:gw-password=there"
  }
  }
  
  }
  
  # The next 2 users are on the HGW Server!
  
  # ./ViewProfile -p 9900 -u isp
  User Profile Information
  user = isp{
  profile_id = 70
  profile_cycle = 1
  RADIUS=Cisco {
  check_items= {
  2="hello"
  }
  reply_attributes= {
  6=2
  7=1
  }
  }
  
  }
  
  # ./ViewProfile -p 9900 -u jsmith@hp.com
  User Profile Information
  user = jsmith@hp.com{
  profile_id = 84
  profile_cycle = 1
  RADIUS=Cisco {
  check_items= {
  2="test"
  }
  reply_attributes= {
  6=2
  7=1
  }
  }
  
  }

ルータの設定

ISP ルータの設定

koala#show running config
  
  Building configuration...
  
  
  Current configuration:
  !
  version 11.3
  no service password-encryption
  service udp-small-servers
  service tcp-small-servers
  !
  hostname koala
  !
  aaa new-model
  aaa authentication ppp default if-needed RADIUS
  aaa authorization network default RADIUS
  aaa accounting network default start-stop RADIUS
  enable password ww
  !
  vpdn enable
  !
  interface Ethernet0
  ip address 10.31.1.5 255.255.255.0
  !
  interface Serial0
  shutdown
  !
  interface Serial1
  shutdown
  !
  interface Async1
  ip unnumbered Ethernet0
  encapsulation ppp
  async mode dedicated
  no peer default ip address
  no cdp enable
  ppp authentication chap
  !
  ip default-gateway 10.31.1.1
  no ip classless
  ip route 0.0.0.0 0.0.0.0 10.31.1.1
  logging trap debugging
  logging 171.68.118.101
  snmp-server community public RW
  snmp-server enable traps config
  snmp-server host 171.68.118.105 traps public
  RADIUS-server host 171.68.120.194 auth-port 1645 acct-port 1646
  RADIUS-server key cisco
  !
  line con 0
  password WW
  line 1
  password WW
  autoselect ppp
  modem InOut
  transport input all
  stopbits 1
  speed 115200
  flowcontrol hardware
  line 2 16
  autoselect during-login
  line aux 0
  line vty 0 4
  exec-timeout 0 0
  password WW
  !
  end

    

HGW ルータの設定

Sneetches#show running config
  Building configuration...
  
  Current configuration:
  !
  version 11.3
  no service password-encryption
  service udp-small-servers
  service tcp-small-servers
  !
  hostname Sneetches
  !
  aaa new-model
  aaa authentication ppp default RADIUS local
  aaa authorization network default RADIUS local
  aaa accounting network default start-stop RADIUS
  !
  username hp-gw password 0 there
  username isp password 0 hello
  vpdn enable
  vpdn incoming isp hp-gw virtual-template 1
  !
  interface Ethernet0
  ip address 10.31.1.50 255.255.255.0
  !
  interface Ethernet1
  no ip address
  shutdown
  !
  interface Virtual-Template1
  ip unnumbered Ethernet0
  peer default ip address pool async
  ppp authentication chap
  !
  interface Serial0
  shutdown
  !
  interface Serial1
  shutdown
  !
  ip local pool async 1.1.1.1 1.1.1.6
  ip default-gateway 10.31.1.1
  no ip classless
  ip route 0.0.0.0 0.0.0.0 10.31.1.1
  RADIUS-server host 171.68.118.101 auth-port 1645 acct-port 1646
  RADIUS-server timeout 20
  RADIUS-server key cisco
  !
  line con 0
  exec-timeout 3600 0
  line aux 0
  line vty 0 4
  password WW
  !
  end

    

確認

現時点では、この設定に対する確認方法はありません。

トラブルシューティング

この項では、設定のトラブルシューティングに役立つ情報を説明します。

トラブルシューティングのためのコマンド

一部の show コマンドは、show コマンド出力の分析を表示する Output Interpreter ツールでサポートされています。

注: debug コマンドを使用する前に、「debug コマンドに関する重要な情報」を参照してください。

  • debug aaa authentication - AAA/Terminal Access Controller Access Control System Plus(TACACS+)の認証に関する情報を表示します。

  • debug aaa authorization- AAA/TACACS+ の許可に関する情報を表示します。

  • debug ppp negotiation - PPP の開始時に送信される PPP パケットを表示します。PPP の開始時には PPP オプションがネゴシエートされます。

  • debug RADIUS - RADIUS に関連付けられるデバッグ情報の詳細を表示します。

  • debug vpdn errors - PPP トンネルの確立を阻止するエラー、または確立されたトンネルをクローズするエラーを表示します。

  • debug vpdn events - 通常の PPP トンネル確立またはシャットダウンの一貫で発生するイベントに関するメッセージを表示します。

  • debug vpdn l2f-errors - L2 の確立を阻止する、または通常の操作を阻止する L2 プロトコル エラーを表示します。

  • debug vpdn l2f-events - 通常の PPP トンネル確立またはシャットダウンの一貫で発生するイベントに関するメッセージを表示します。

  • debug vpdn l2f-packets - L2F プロトコルのヘッダーとステータスに関するメッセージを表示します。

  • debug vpdn packets - VPDN の通常のトンネル確立またはシャットダウンの一貫で発生する L2TP エラーおよびイベントを表示します。

  • debug vtemplate - 仮想アクセス インターフェイスが仮想テンプレートでクローンされてから、コール終了時にダウンするまでの、仮想アクセス インターフェイスのクローン作成に関する情報を表示します。

デバッグ出力

ISP ルータ上の正常な状態のデバッグ

koala#show debug
  General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
  AAA Accounting debugging is on
  VPN:
  VPN events debugging is on
  VPN errors debugging is on
  RADIUS protocol debugging is on
  koala#
  %LINK-3-UPDOWN: Interface Async1, changed state to up
  17:28:19: VPDN: Looking for tunnel -- hp.com --
  17:28:19: AAA/AUTHEN: create_user (0x15D28C) user='hp.com' ruser='' port='Async1'
   rem_addr='' authen_type=NONE service=LOGIN priv=0
  17:28:19: AAA/AUTHOR/VPDN (982041598): Port='Async1' list='default' service=NET
  17:28:19: AAA/AUTHOR/VPDN: (982041598) user='hp.com'
  17:28:19: AAA/AUTHOR/VPDN: (982041598) send AV service=ppp
  17:28:19: AAA/AUTHOR/VPDN: (982041598) send AV protocol=vpdn
  17:28:19: AAA/AUTHOR/VPDN (982041598) found list "default"
  17:28:19: AAA/AUTHOR/VPDN: (982041598) Method=RADIUS
  17:28:19: RADIUS: authenticating to get author data
  17:28:19: RADIUS: Computed extended port value 0:1:
  17:28:19: RADIUS: Initial Transmit id 62 171.68.120.194:1645, Access-Request, len 70
  17:28:19: Attribute 4 6 0A1F0105
  17:28:19: Attribute 5 6 00000001
  17:28:19: Attribute 61 6 00000000
  17:28:19: Attribute 1 8 68702E63
  17:28:19: Attribute 2 18 8070079C
  17:28:19: Attribute 6 6 00000005
  17:28:19: RADIUS: Received from id 62 171.68.120.194:1645, Access-Accept, len 143
  17:28:19: Attribute 26 26 0000000901147670
  17:28:19: Attribute 26 36 00000009011E7670
  17:28:19: Attribute 26 31 0000000901197670
  17:28:19: Attribute 26 30 0000000901187670
  17:28:19: RADIUS: saved authorization data for user 15D28C at 10EE74
  17:28:19: RADIUS: cisco AVPair "vpdn:tunnel-id=isp"
  17:28:19: RADIUS: cisco AVPair "vpdn:ip-addresses=10.31.1.50"
  17:28:19: RADIUS: cisco AVPair "vpdn:nas-password=hello"
  17:28:19: RADIUS: cisco AVPair "vpdn:gw-password=there"
  17:28:19: AAA/AUTHOR (982041598): Post authorization status = PASS_ADD
  17:28:19: AAA/AUTHOR/VPDN: Processing AV service=ppp
  17:28:19: AAA/AUTHOR/VPDN: Processing AV protocol=vpdn
  17:28:19: AAA/AUTHOR/VPDN: Processing AV tunnel-id=isp
  17:28:19: AAA/AUTHOR/VPDN: Processing AV ip-addresses=10.31.1.50
  17:28:19: AAA/AUTHOR/VPDN: Processing AV nas-password=hello
  17:28:19: AAA/AUTHOR/VPDN: Processing AV gw-password=there
  17:28:19: VPDN: Get tunnel info with NAS isp GW hp.com, IP 10.31.1.50
  17:28:19: AAA/AUTHEN: free_user (0x15D28C) user='hp.com' ruser='' port='Async1'
   rem_addr='' authen_type=NONE service=LOGIN priv=0
  17:28:19: VPDN: Forward to address 10.31.1.50
  17:28:19: As1 VPDN: Forwarding...
  17:28:19: AAA/AUTHEN: create_user (0x15D334) user='jsmith@hp.com' ruser=''
   port='Async1' rem_addr='async' authen_type=CHAP service=PPP priv=1
  17:28:19: As1 VPDN: Bind interface direction=1
  17:28:19: As1 VPDN: jsmith@hp.com is forwarded
  17:28:19: AAA/ACCT/NET/START User jsmith@hp.com, Port Async1, List ""
  17:28:19: AAA/ACCT/NET: Found list "default"
  17:28:19: RADIUS: Computed extended port value 0:1:
  17:28:19: RADIUS: Initial Transmit id 63 171.68.120.194:1646, Accounting-Request,
   len 93
  17:28:19: Attribute 4 6 0A1F0105
  17:28:19: Attribute 5 6 00000001
  17:28:19: Attribute 61 6 00000000
  17:28:19: Attribute 1 15 6A736D69
  17:28:19: Attribute 40 6 00000001
  17:28:19: Attribute 45 6 00000002
  17:28:19: Attribute 6 6 00000002
  17:28:19: Attribute 44 10 30303030
  17:28:19: Attribute 7 6 7670646E
  17:28:19: Attribute 41 6 00000000
  17:28:19: RADIUS: Received from id 63 171.68.120.194:1646, Accounting-response,
   len 20
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, changed state to up
  koala#
  
  (ユーザは完了し、接続を解除します。)
  
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, changed state to down
  %LINK-5-CHANGED: Interface Async1, changed state to reset
  17:28:48: As1 VPDN: Cleanup
  17:28:48: As1 VPDN: Reset
  17:28:48: As1 VPDN: Reset
  17:28:48: As1 VPDN: Unbind interface
  17:28:48: AAA/ACCT/NET/STOP User jsmith@hp.com, Port Async1:
  task_id=20 start_time=900759730 timezone=UTC service=vpdn disc-cause=2
  disc-cause-ext=1011 pre-bytes-in=-226131998 pre-bytes-out=-1034130241
  pre-paks-in=-63570 pre-paks-out=-64410 bytes_in=1999 bytes_out=364 paks_in=29
  paks_out=12 pre-session-time=5 elapsed_time=29 data-rate=0
  xmit-rate=0
  17:28:48: RADIUS: Computed extended port value 0:1:
  17:28:48: RADIUS: Initial Transmit id 64 171.68.120.194:1646, Accounting-Request,
   len 129
  17:28:48: Attribute 4 6 0A1F0105
  17:28:48: Attribute 5 6 00000001
  17:28:48: Attribute 61 6 00000000
  17:28:48: Attribute 1 15 6A736D69
  17:28:48: Attribute 40 6 00000002
  17:28:48: Attribute 45 6 00000002
  17:28:48: Attribute 6 6 00000002
  17:28:48: Attribute 44 10 30303030
  17:28:48: Attribute 7 6 7670646E
  17:28:48: Attribute 49 6 00000002
  17:28:48: Attribute 42 6 000007CF
  17:28:48: Attribute 43 6 0000016C
  17:28:48: Attribute 47 6 0000001D
  17:28:48: Attribute 48 6 0000000C
  17:28:48: Attribute 46 6 0000001D
  17:28:48: Attribute 41 6 00000000
  17:28:48: RADIUS: Received from id 64 171.68.120.194:1646, Accounting-response,
   len 20
  %LINK-3-UPDOWN: Interface Async1, changed state to down
  17:28:51: AAA/AUTHEN: free_user (0x15D334) user='jsmith@hp.com' ruser=''
   port='Async1' rem_addr='async' authen_type=CHAP service=PPP priv=1
  koala#

HGW ルータ上の正常な状態のデバッグ

Sneetches#show debug
  General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
  AAA Accounting debugging is on
  VPN:
  VPN events debugging is on
  VPN errors debugging is on
  RADIUS protocol debugging is on
  Sneetches#
  17:28:21: AAA/AUTHEN: create_user (0x14A914) user='hp-gw' ruser='' port=''
  rem_addr='' authen_type=CHAP service=PPP priv=1
  17:28:21: AAA/AUTHEN/START (496523999): port='' list='default'
  action=SENDAUTH service=PPP
  17:28:21: AAA/AUTHEN/START (496523999): found list default
  17:28:21: AAA/AUTHEN/START (496523999): Method=RADIUS
  17:28:21: RADIUS: SENDPASS not supported (action=4)
  17:28:21: AAA/AUTHEN (496523999): status = ERROR
  17:28:21: AAA/AUTHEN/START (496523999): Method=LOCAL
  17:28:21: AAA/AUTHEN (496523999): status = PASS
  17:28:21: AAA/AUTHEN: free_user (0x14A914) user='hp-gw' ruser='' port=''
  rem_addr='' authen_type=CHAP service=PPP priv=1
  17:28:21: AAA/AUTHEN: create_user (0x14A914) user='isp' ruser='' port=''
  rem_addr='' authen_type=CHAP service=PPP priv=1
  17:28:21: AAA/AUTHEN/START (3095573082): port='' list='default'
  action=SENDAUTH service=PPP
  17:28:21: AAA/AUTHEN/START (3095573082): found list default
  17:28:21: AAA/AUTHEN/START (3095573082): Method=RADIUS
  17:28:21: RADIUS: SENDPASS not supported (action=4)
  17:28:21: AAA/AUTHEN (3095573082): status = ERROR
  17:28:21: AAA/AUTHEN/START (3095573082): Method=LOCAL
  17:28:21: AAA/AUTHEN (3095573082): status = PASS
  17:28:21: AAA/AUTHEN: free_user (0x14A914) user='isp' ruser='' port=''
  rem_addr='' authen_type=CHAP service=PPP priv=1
  17:28:21: AAA/AUTHEN: create_user (0x14ADB4) user='isp' ruser='' port=''
  rem_addr='' authen_type=CHAP service=PPP priv=1
  17:28:21: AAA/AUTHEN/START (3506257139): port='' list='default'
  action=LOGIN service=PPP
  17:28:21: AAA/AUTHEN/START (3506257139): found list default
  17:28:21: AAA/AUTHEN/START (3506257139): Method=RADIUS
  17:28:21: RADIUS: Initial Transmit id 53 171.68.118.101:1645, Access-Request, len 68
  17:28:21: Attribute 4 6 0A1F0132
  17:28:21: Attribute 61 6 00000000
  17:28:21: Attribute 1 5 69737003
  17:28:21: Attribute 3 19 10C82B7A
  17:28:21: Attribute 6 6 00000002
  17:28:21: Attribute 7 6 00000001
  17:28:21: RADIUS: Received from id 53 171.68.118.101:1645, Access-Accept, len 32
  17:28:21: Attribute 6 6 00000002
  17:28:21: Attribute 7 6 00000001
  17:28:21: AAA/AUTHEN (3506257139): status = PASS
  17:28:21: VPDN: Chap authentication succeeded for isp
  17:28:21: AAA/AUTHEN: free_user (0x14ADB4) user='isp' ruser='' port='' rem_addr=''
  authen_type=CHAP service=PPP priv=1
  17:28:21: Vi1 VPDN: Virtual interface created for jsmith@hp.com
  17:28:21: Vi1 VPDN: Set to Async interface
  17:28:21: Vi1 VPDN: Clone from Vtemplate 1 filterPPP=0 blocking
  %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
  17:28:23: Vi1 VPDN: Bind interface direction=2
  17:28:23: Vi1 VPDN: PPP LCP accepted sent & rcv CONFACK
  17:28:23: AAA/AUTHEN: create_user (0x143368) user='jsmith@hp.com' ruser=''
   port='Virtual-Access1' rem_addr='async' authen_type=CHAP service=PPP priv=1
  17:28:23: AAA/AUTHEN/START (637397616): port='Virtual-Access1' list=''
   action=LOGIN service=PPP
  17:28:23: AAA/AUTHEN/START (637397616): using "default" list
  17:28:23: AAA/AUTHEN/START (637397616): Method=RADIUS
  17:28:23: RADIUS: Computed extended port value 0:60100:
  17:28:23: RADIUS: Initial Transmit id 54 171.68.118.101:1645, Access-Request, len 78
  17:28:23: Attribute 4 6 0A1F0132
  17:28:23: Attribute 5 6 0000EAC4
  17:28:23: Attribute 1 15 6A736D69
  17:28:23: Attribute 3 19 186C2AC9
  17:28:23: Attribute 6 6 00000002
  17:28:23: Attribute 7 6 00000001
  17:28:23: RADIUS: Received from id 54 171.68.118.101:1645, Access-Accept, len 32
  17:28:23: Attribute 6 6 00000002
  17:28:23: Attribute 7 6 00000001
  17:28:23: AAA/AUTHEN (637397616): status = PASS
  17:28:23: AAA/AUTHOR/LCP Vi1: Authorize LCP
  17:28:23: AAA/AUTHOR/LCP Vi1 (1528831370): Port='Virtual-Access1' list=''
   service=NET
  17:28:23: AAA/AUTHOR/LCP: Vi1 (1528831370) user='jsmith@hp.com'
  17:28:23: AAA/AUTHOR/LCP: Vi1 (1528831370) send AV service=ppp
  17:28:23: AAA/AUTHOR/LCP: Vi1 (1528831370) send AV protocol=lcp
  17:28:23: AAA/AUTHOR/LCP (1528831370) found list "default"
  17:28:23: AAA/AUTHOR/LCP: Vi1 (1528831370) Method=RADIUS
  17:28:23: AAA/AUTHOR (1528831370): Post authorization status = PASS_REPL
  17:28:23: AAA/AUTHOR/LCP Vi1: Processing AV service=ppp
  17:28:23: AAA/ACCT/NET/START User jsmith@hp.com, Port Virtual-Access1, List ""
  17:28:23: AAA/ACCT/NET: Found list "default"
  17:28:23: AAA/AUTHOR/FSM Vi1: (0): Can we start IPCP?
  17:28:23: AAA/AUTHOR/FSM Vi1 (4249637449): Port='Virtual-Access1' list=''
   service=NET
  17:28:23: AAA/AUTHOR/FSM: Vi1 (4249637449) user='jsmith@hp.com'
  17:28:23: AAA/AUTHOR/FSM: Vi1 (4249637449) send AV service=ppp
  17:28:23: AAA/AUTHOR/FSM: Vi1 (4249637449) send AV protocol=ip
  17:28:23: AAA/AUTHOR/FSM (4249637449) found list "default"
  17:28:23: AAA/AUTHOR/FSM: Vi1 (4249637449) Method=RADIUS
  17:28:23: AAA/AUTHOR (4249637449): Post authorization status = PASS_REPL
  17:28:23: AAA/AUTHOR/FSM Vi1: We can start IPCP
  17:28:23: RADIUS: Computed extended port value 0:60100:
  17:28:23: RADIUS: Initial Transmit id 55 171.68.118.101:1646, Accounting-Request,
   len 87
  17:28:23: Attribute 4 6 0A1F0132
  17:28:23: Attribute 5 6 0000EAC4
  17:28:23: Attribute 1 15 6A736D69
  17:28:23: Attribute 40 6 00000001
  17:28:23: Attribute 45 6 00000001
  17:28:23: Attribute 6 6 00000002
  17:28:23: Attribute 44 10 30303030
  17:28:23: Attribute 7 6 00000001
  17:28:23: Attribute 41 6 00000000
  17:28:23: RADIUS: Received from id 55 171.68.118.101:1646, Accounting-response,
   len 20
  17:28:23: AAA/AUTHOR/IPCP Vi1: Start. Her address 0.0.0.0, we want 0.0.0.0
  17:28:23: AAA/AUTHOR/IPCP Vi1: Processing AV service=ppp
  17:28:23: AAA/AUTHOR/IPCP Vi1: Authorization succeeded
  17:28:23: AAA/AUTHOR/IPCP Vi1: Done. Her address 0.0.0.0, we want 0.0.0.0
  17:28:23: AAA/AUTHOR/IPCP Vi1: Start. Her address 0.0.0.0, we want 1.1.1.1
  17:28:23: AAA/AUTHOR/IPCP Vi1: Processing AV service=ppp
  17:28:23: AAA/AUTHOR/IPCP Vi1: Authorization succeeded
  17:28:23: AAA/AUTHOR/IPCP Vi1: Done. Her address 0.0.0.0, we want 1.1.1.1
  17:28:24: AAA/AUTHOR/IPCP Vi1: Start. Her address 1.1.1.1, we want 1.1.1.1
  17:28:24: AAA/AUTHOR/IPCP Vi1 (923857566): Port='Virtual-Access1' list=''
   service=NET
  17:28:24: AAA/AUTHOR/IPCP: Vi1 (923857566) user='jsmith@hp.com'
  17:28:24: AAA/AUTHOR/IPCP: Vi1 (923857566) send AV service=ppp
  17:28:24: AAA/AUTHOR/IPCP: Vi1 (923857566) send AV protocol=ip
  17:28:24: AAA/AUTHOR/IPCP: Vi1 (923857566) send AV addr*1.1.1.1
  17:28:24: AAA/AUTHOR/IPCP (923857566) found list "default"
  17:28:24: AAA/AUTHOR/IPCP: Vi1 (923857566) Method=RADIUS
  17:28:24: AAA/AUTHOR (923857566): Post authorization status = PASS_REPL
  17:28:24: AAA/AUTHOR/IPCP Vi1: Reject 1.1.1.1, using 1.1.1.1
  17:28:24: AAA/AUTHOR/IPCP Vi1: Processing AV service=ppp
  17:28:24: AAA/AUTHOR/IPCP Vi1: Processing AV addr*1.1.1.1
  17:28:24: AAA/AUTHOR/IPCP Vi1: Authorization succeeded
  17:28:24: AAA/AUTHOR/IPCP Vi1: Done. Her address 1.1.1.1, we want 1.1.1.1
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
  Sneetches#
  
  (ユーザは完了し、接続を解除します。)
  
  Sneetches#
  17:28:50: Vi1 VPDN: Reset
  17:28:50: Vi1 VPDN: Reset
  %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
  17:28:50: Vi1 VPDN: Cleanup
  17:28:50: Vi1 VPDN: Reset
  17:28:50: Vi1 VPDN: Reset
  17:28:50: Vi1 VPDN: Unbind interface
  17:28:50: Vi1 VPDN: Reset
  17:28:50: Vi1 VPDN: Reset
  17:28:50: AAA/ACCT/NET/STOP User jsmith@hp.com, Port Virtual-Access1:
  task_id=14 start_time=900759731 timezone=UTC service=ppp protocol=ip addr=1.1.1.1
  disc-cause=2 disc-cause-ext=1011 pre-bytes-in=0 pre-bytes-out=42
  pre-paks-in=0 pre-paks-out=2 bytes_in=882 bytes_out=356 paks_in=17 paks_out=11
  pre-session-time=0 elapsed_time=27 data-rate=0 xmit-rate=0
  17:28:50: RADIUS: Computed extended port value 0:60100:
  17:28:50: RADIUS: Initial Transmit id 56 171.68.118.101:1646, Accounting-Request,
   len 129
  17:28:50: Attribute 4 6 0A1F0132
  17:28:50: Attribute 5 6 0000EAC4
  17:28:50: Attribute 1 15 6A736D69
  17:28:50: Attribute 40 6 00000002
  17:28:50: Attribute 45 6 00000001
  17:28:50: Attribute 6 6 00000002
  17:28:50: Attribute 44 10 30303030
  17:28:50: Attribute 7 6 00000001
  17:28:50: Attribute 8 6 01010101
  17:28:50: Attribute 49 6 00000002
  17:28:50: Attribute 42 6 00000372
  17:28:50: Attribute 43 6 00000164
  17:28:50: Attribute 47 6 00000011
  17:28:50: Attribute 48 6 0000000B
  17:28:50: Attribute 46 6 0000001B
  17:28:50: Attribute 41 6 00000000
  17:28:50: RADIUS: Received from id 56 171.68.118.101:1646, Accounting-response,
   len 20
  17:28:50: AAA/AUTHEN: free_user (0x143368) user='jsmith@hp.com' ruser=''
   port='Virtual-Access1' rem_addr='async' authen_type=CHAP service=PPP
  priv=1
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
    changed state to down
  Sneetches#

ISP ルータ上の問題発生時のデバッグ

koala#show debug
  General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
  AAA Accounting debugging is on
  VPN:
  VPN events debugging is on
  VPN errors debugging is on
  RADIUS protocol debugging is on
  koala#
  %LINK-3-UPDOWN: Interface Async1, changed state to up
  17:28:19: VPDN: Looking for tunnel -- hp.com --
  17:28:19: AAA/AUTHEN: create_user (0x15D28C) user='hp.com' ruser='' port='Async1'
  rem_addr='' authen_type=NONE service=LOGIN priv=0
  17:28:19: AAA/AUTHOR/VPDN (982041598): Port='Async1' list='default' service=NET
  17:28:19: AAA/AUTHOR/VPDN: (982041598) user='hp.com'
  17:28:19: AAA/AUTHOR/VPDN: (982041598) send AV service=ppp
  17:28:19: AAA/AUTHOR/VPDN: (982041598) send AV protocol=vpdn
  17:28:19: AAA/AUTHOR/VPDN (982041598) found list "default"
  17:28:19: AAA/AUTHOR/VPDN: (982041598) Method=RADIUS
  17:28:19: RADIUS: authenticating to get author data
  17:28:19: RADIUS: Computed extended port value 0:1:
  17:28:19: RADIUS: Initial Transmit id 62 171.68.120.194:1645, Access-Request, len 70
  17:28:19: Attribute 4 6 0A1F0105
  17:28:19: Attribute 5 6 00000001
  17:28:19: Attribute 61 6 00000000
  17:28:19: Attribute 1 8 68702E63
  17:28:19: Attribute 2 18 8070079C
  17:28:19: Attribute 6 6 00000005
  
  User hp.com is not in the ISP server:
  (There will be no output on HGW router because the call has not gotten that far)
  RADIUS: Received from id 83 171.68.120.194:1645, Access-Reject, len 20 18:43:18:
  AAA/AUTHEN (4063976505): status = FAIL
  
  17:28:19: RADIUS: Received from id 62 171.68.120.194:1645, Access-Accept, len 143
  17:28:19: Attribute 26 26 0000000901147670
  17:28:19: Attribute 26 36 00000009011E7670
  17:28:19: Attribute 26 31 0000000901197670
  17:28:19: Attribute 26 30 0000000901187670
  17:28:19: RADIUS: saved authorization data for user 15D28C at 10EE74
  17:28:19: RADIUS: cisco AVPair "vpdn:tunnel-id=isp"
  17:28:19: RADIUS: cisco AVPair "vpdn:ip-addresses=10.31.1.50"
  17:28:19: RADIUS: cisco AVPair "vpdn:nas-password=hello"
  17:28:19: RADIUS: cisco AVPair "vpdn:gw-password=there"
  17:28:19: AAA/AUTHOR (982041598): Post authorization status = PASS_ADD
  17:28:19: AAA/AUTHOR/VPDN: Processing AV service=ppp
  17:28:19: AAA/AUTHOR/VPDN: Processing AV protocol=vpdn
  17:28:19: AAA/AUTHOR/VPDN: Processing AV tunnel-id=isp
  17:28:19: AAA/AUTHOR/VPDN: Processing AV ip-addresses=10.31.1.50
  17:28:19: AAA/AUTHOR/VPDN: Processing AV nas-password=hello
  17:28:19: AAA/AUTHOR/VPDN: Processing AV gw-password=there
  17:28:19: VPDN: Get tunnel info with NAS isp GW hp.com, IP 10.31.1.50
  17:28:19: AAA/AUTHEN: free_user (0x15D28C) user='hp.com' ruser='' port='Async1'
  rem_addr='' authen_type=NONE service=LOGIN priv=0
  17:28:19: VPDN: Forward to address 10.31.1.50
  17:28:19: As1 VPDN: Forwarding...
  17:28:19: AAA/AUTHEN: create_user (0x15D334) user='jsmith@hp.com' ruser=''
   port='Async1' rem_addr='async' authen_type=CHAP service=PPP priv=1
  17:28:19: As1 VPDN: Bind interface direction=1
  17:28:19: As1 VPDN: jsmith@hp.com is forwarded
  
  Problem in tunnel definition on HGW router; in HGW configuration we put
  vpdn incoming hp-gw isp virtual-template 1
  instead of
  vpdn incoming isp hp-gw virtual-template 1
  %VPDN-5-UNREACH: L2F HGW 10.31.1.50 is unreachable
  VPDN: Timeout opening tunnel to 10.31.1.50
  VPDN: Free busy address 10.31.1.50
  
  User "isp" or "hp-gw" is removed from HGW router
  %VPDN-6-AUTHENFAIL: L2F NAS koala, authentication failure for tunnel hp-gw;
   Invalid key
  
  User "isp" is not in the HGW server
  %VPDN-6-AUTHENFAIL: L2F HGW , AAA authentication failure for tunnel hp-gw
  
  17:28:19: AAA/ACCT/NET/START User jsmith@hp.com, Port Async1, List ""
  17:28:19: AAA/ACCT/NET: Found list "default"
  17:28:19: RADIUS: Computed extended port value 0:1:
  17:28:19: RADIUS: Initial Transmit id 63 171.68.120.194:1646, Accounting-Request,
   len 93
  17:28:19: Attribute 4 6 0A1F0105
  17:28:19: Attribute 5 6 00000001
  17:28:19: Attribute 61 6 00000000
  17:28:19: Attribute 1 15 6A736D69
  17:28:19: Attribute 40 6 00000001
  17:28:19: Attribute 45 6 00000002
  17:28:19: Attribute 6 6 00000002
  17:28:19: Attribute 44 10 30303030
  17:28:19: Attribute 7 6 7670646E
  17:28:19: Attribute 41 6 00000000
  17:28:19: RADIUS: Received from id 63 171.68.120.194:1646, Accounting-response,
   len 20
  
  User jsmith@hp.com is not in the HGW server:
  %VPDN-6-AUTHENFAIL: L2F HGW hp-gw, AAA authentication failure for As1
  user jsmith@hp.com; Authentication failure
  
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, changed state to up
  koala#
  
  (ユーザは完了し、接続を解除します。)
  
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, changed state to down
  %LINK-5-CHANGED: Interface Async1, changed state to reset
  17:28:48: As1 VPDN: Cleanup
  17:28:48: As1 VPDN: Reset
  17:28:48: As1 VPDN: Reset
  17:28:48: As1 VPDN: Unbind interface
  17:28:48: AAA/ACCT/NET/STOP User jsmith@hp.com, Port Async1:
  task_id=20 start_time=900759730 timezone=UTC service=vpdn disc-cause=2
  disc-cause-ext=1011 pre-bytes-in=-226131998 pre-bytes-out=-1034130241
  pre-paks-in=-63570 pre-paks-out=-64410 bytes_in=1999 bytes_out=364
  paks_in=29 paks_out=12 pre-session-time=5 elapsed_time=29 data-rate=0
  xmit-rate=0
  17:28:48: RADIUS: Computed extended port value 0:1:
  17:28:48: RADIUS: Initial Transmit id 64 171.68.120.194:1646, Accounting-Request,
   len 129
  17:28:48: Attribute 4 6 0A1F0105
  17:28:48: Attribute 5 6 00000001
  17:28:48: Attribute 61 6 00000000
  17:28:48: Attribute 1 15 6A736D69
  17:28:48: Attribute 40 6 00000002
  17:28:48: Attribute 45 6 00000002
  17:28:48: Attribute 6 6 00000002
  17:28:48: Attribute 44 10 30303030
  17:28:48: Attribute 7 6 7670646E
  17:28:48: Attribute 49 6 00000002
  17:28:48: Attribute 42 6 000007CF
  17:28:48: Attribute 43 6 0000016C
  17:28:48: Attribute 47 6 0000001D
  17:28:48: Attribute 48 6 0000000C
  17:28:48: Attribute 46 6 0000001D
  17:28:48: Attribute 41 6 00000000
  17:28:48: RADIUS: Received from id 64 171.68.120.194:1646, Accounting-response,
   len 20
  %LINK-3-UPDOWN: Interface Async1, changed state to down
  17:28:51: AAA/AUTHEN: free_user (0x15D334) user='jsmith@hp.com' ruser=''
   port='Async1'
  rem_addr='async' authen_type=CHAP service=PPP priv=1
  koala#

HGW ルータ上の問題発生時のデバッグ

Sneetches#sho deb
  General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
  AAA Accounting debugging is on
  VPN:
  VPN events debugging is on
  VPN errors debugging is on
  RADIUS protocol debugging is on
  Sneetches#
  
  Problem in tunnel definition on the HGW router; in HGW configuration, we put:
  vpdn incoming hp-gw isp virtual-template 1
  instead of
  vpdn incoming isp hp-gw virtual-template 1
  debug vpdn l2f-errors 
  will show:
  19:25:27: L2F: Couldn't find tunnel named isp
  19:25:30: L2F: Couldn't find tunnel named isp
  
  17:28:21: AAA/AUTHEN: create_user (0x14A914) user='hp-gw' ruser='' port=''
  rem_addr='' authen_type=CHAP service=PPP priv=1
  17:28:21: AAA/AUTHEN/START (496523999): port='' list='default'
  action=SENDAUTH service=PPP
  17:28:21: AAA/AUTHEN/START (496523999): found list default
  17:28:21: AAA/AUTHEN/START (496523999): Method=RADIUS
  17:28:21: RADIUS: SENDPASS not supported (action=4)
  17:28:21: AAA/AUTHEN (496523999): status = ERROR
  17:28:21: AAA/AUTHEN/START (496523999): Method=LOCAL
  17:28:21: AAA/AUTHEN (496523999): status = PASS
  17:28:21: AAA/AUTHEN: free_user (0x14A914) user='hp-gw' ruser='' port=''
  rem_addr='' authen_type=CHAP service=PPP priv=1
  17:28:21: AAA/AUTHEN: create_user (0x14A914) user='isp' ruser='' port=''
  rem_addr='' authen_type=CHAP service=PPP priv=1
  17:28:21: AAA/AUTHEN/START (3095573082): port='' list='default'
  action=SENDAUTH service=PPP
  17:28:21: AAA/AUTHEN/START (3095573082): found list default
  17:28:21: AAA/AUTHEN/START (3095573082): Method=RADIUS
  17:28:21: RADIUS: SENDPASS not supported (action=4)
  17:28:21: AAA/AUTHEN (3095573082): status = ERROR
  17:28:21: AAA/AUTHEN/START (3095573082): Method=LOCAL
  
  User "isp" is removed from the HGW router
  AAA/AUTHEN (3372073334): SENDAUTH no password for isp
  AAA/AUTHEN (3372073334): status = ERROR
  AAA/AUTHEN/START (3372073334): no methods left to try
  AAA/AUTHEN (3372073334): status = ERROR
  AAA/AUTHEN/START (3372073334): failed to authenticate
  
  User "hp-gw" is removed from the HGW router
  AAA/AUTHEN (3999868118): SENDAUTH no password for hp-gw
  AAA/AUTHEN (3999868118): status = ERROR
  AAA/AUTHEN/START (3999868118): no methods left to try
  AAA/AUTHEN (3999868118): status = ERROR
  AAA/AUTHEN/START (3999868118): failed to authenticate
  
  17:28:21: AAA/AUTHEN (3095573082): status = PASS
  17:28:21: AAA/AUTHEN: free_user (0x14A914) user='isp' ruser='' port=''
  rem_addr='' authen_type=CHAP service=PPP priv=1
  17:28:21: AAA/AUTHEN: create_user (0x14ADB4) user='isp' ruser='' port=''
  rem_addr='' authen_type=CHAP service=PPP priv=1
  17:28:21: AAA/AUTHEN/START (3506257139): port='' list='default'
   action=LOGIN service=PPP
  17:28:21: AAA/AUTHEN/START (3506257139): found list default
  17:28:21: AAA/AUTHEN/START (3506257139): Method=RADIUS
  17:28:21: RADIUS: Initial Transmit id 53 171.68.118.101:1645,
   Access-Request, len 68
  17:28:21: Attribute 4 6 0A1F0132
  17:28:21: Attribute 61 6 00000000
  17:28:21: Attribute 1 5 69737003
  17:28:21: Attribute 3 19 10C82B7A
  17:28:21: Attribute 6 6 00000002
  17:28:21: Attribute 7 6 00000001
  17:28:21: RADIUS: Received from id 53 171.68.118.101:1645,
   Access-Accept, len 32
  17:28:21: Attribute 6 6 00000002
  17:28:21: Attribute 7 6 00000001
  
  User "isp" is removed from HGW server
  RADIUS: Received from id 107 171.68.118.101:1645, Access-Reject, len 46
  Attribute 18 26 41757468
  AAA/AUTHEN (2759462034): status = FAIL
  VPDN: Chap authentication failed for isp
  %VPDN-6-AUTHENFAIL: L2F HGW , AAA authentication failure for tunnel isp
  
  17:28:21: AAA/AUTHEN (3506257139): status = PASS
  17:28:21: VPDN: Chap authentication succeeded for isp
  17:28:21: AAA/AUTHEN: free_user (0x14ADB4) user='isp' ruser='' port=''
  rem_addr='' authen_type=CHAP service=PPP priv=1
  17:28:21: Vi1 VPDN: Virtual interface created for jsmith@hp.com
  17:28:21: Vi1 VPDN: Set to Async interface
  17:28:21: Vi1 VPDN: Clone from Vtemplate 1 filterPPP=0 blocking
  %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
  17:28:23: Vi1 VPDN: Bind interface direction=2
  17:28:23: Vi1 VPDN: PPP LCP accepted sent & rcv CONFACK
  17:28:23: AAA/AUTHEN: create_user (0x143368) user='jsmith@hp.com' ruser=''
   port='Virtual-Access1' rem_addr='async' authen_type=CHAP service=PPP priv=1
  17:28:23: AAA/AUTHEN/START (637397616): port='Virtual-Access1' list=''
   action=LOGIN service=PPP
  17:28:23: AAA/AUTHEN/START (637397616): using "default" list
  17:28:23: AAA/AUTHEN/START (637397616): Method=RADIUS
  17:28:23: RADIUS: Computed extended port value 0:60100:
  17:28:23: RADIUS: Initial Transmit id 54 171.68.118.101:1645, Access-Request,
   len 78
  17:28:23: Attribute 4 6 0A1F0132
  17:28:23: Attribute 5 6 0000EAC4
  17:28:23: Attribute 1 15 6A736D69
  17:28:23: Attribute 3 19 186C2AC9
  17:28:23: Attribute 6 6 00000002
  17:28:23: Attribute 7 6 00000001
  
  User "jsmith@hp.com" is not in the HGW server:
  RADIUS: Received from id 109 171.68.118.101:1645, Access-Reject, len 46
  Attribute 18 26 41757468
  AAA/AUTHEN (2765235576): status = FAIL
  %VPDN-6-AUTHENFAIL: L2F HGW hp-gw, AAA authentication failure for Vi1
   user jsmith@hp.com; Authentication failure
  
  16:28:23: RADIUS: Received from id 54 171.68.118.101:1645, Access-Accept, len 32
  17:28:23: Attribute 6 6 00000002
  17:28:23: Attribute 7 6 00000001
  17:28:23: AAA/AUTHEN (637397616): status = PASS
  17:28:23: AAA/AUTHOR/LCP Vi1: Authorize LCP
  17:28:23: AAA/AUTHOR/LCP Vi1 (1528831370): Port='Virtual-Access1' list='' service=NET
  17:28:23: AAA/AUTHOR/LCP: Vi1 (1528831370) user='jsmith@hp.com'
  17:28:23: AAA/AUTHOR/LCP: Vi1 (1528831370) send AV service=ppp
  17:28:23: AAA/AUTHOR/LCP: Vi1 (1528831370) send AV protocol=lcp
  17:28:23: AAA/AUTHOR/LCP (1528831370) found list "default"
  17:28:23: AAA/AUTHOR/LCP: Vi1 (1528831370) Method=RADIUS
  17:28:23: AAA/AUTHOR (1528831370): Post authorization status = PASS_REPL
  17:28:23: AAA/AUTHOR/LCP Vi1: Processing AV service=ppp
  17:28:23: AAA/ACCT/NET/START User jsmith@hp.com, Port Virtual-Access1, List ""
  17:28:23: AAA/ACCT/NET: Found list "default"
  17:28:23: AAA/AUTHOR/FSM Vi1: (0): Can we start IPCP?
  17:28:23: AAA/AUTHOR/FSM Vi1 (4249637449): Port='Virtual-Access1' list='' service=NET
  17:28:23: AAA/AUTHOR/FSM: Vi1 (4249637449) user='jsmith@hp.com'
  17:28:23: AAA/AUTHOR/FSM: Vi1 (4249637449) send AV service=ppp
  17:28:23: AAA/AUTHOR/FSM: Vi1 (4249637449) send AV protocol=ip
  17:28:23: AAA/AUTHOR/FSM (4249637449) found list "default"
  17:28:23: AAA/AUTHOR/FSM: Vi1 (4249637449) Method=RADIUS
  17:28:23: AAA/AUTHOR (4249637449): Post authorization status = PASS_REPL
  17:28:23: AAA/AUTHOR/FSM Vi1: We can start IPCP
  17:28:23: RADIUS: Computed extended port value 0:60100:
  17:28:23: RADIUS: Initial Transmit id 55 171.68.118.101:1646, Accounting-Request,
   len 87
  17:28:23: Attribute 4 6 0A1F0132
  17:28:23: Attribute 5 6 0000EAC4
  17:28:23: Attribute 1 15 6A736D69
  17:28:23: Attribute 40 6 00000001
  17:28:23: Attribute 45 6 00000001
  17:28:23: Attribute 6 6 00000002
  17:28:23: Attribute 44 10 30303030
  17:28:23: Attribute 7 6 00000001
  17:28:23: Attribute 41 6 00000000
  17:28:23: RADIUS: Received from id 55 171.68.118.101:1646, Accounting-response,
   len 20
  17:28:23: AAA/AUTHOR/IPCP Vi1: Start. Her address 0.0.0.0, we want 0.0.0.0
  17:28:23: AAA/AUTHOR/IPCP Vi1: Processing AV service=ppp
  17:28:23: AAA/AUTHOR/IPCP Vi1: Authorization succeeded
  17:28:23: AAA/AUTHOR/IPCP Vi1: Done. Her address 0.0.0.0, we want 0.0.0.0
  17:28:23: AAA/AUTHOR/IPCP Vi1: Start. Her address 0.0.0.0, we want 1.1.1.1
  17:28:23: AAA/AUTHOR/IPCP Vi1: Processing AV service=ppp
  17:28:23: AAA/AUTHOR/IPCP Vi1: Authorization succeeded
  17:28:23: AAA/AUTHOR/IPCP Vi1: Done. Her address 0.0.0.0, we want 1.1.1.1
  17:28:24: AAA/AUTHOR/IPCP Vi1: Start. Her address 1.1.1.1, we want 1.1.1.1
  17:28:24: AAA/AUTHOR/IPCP Vi1 (923857566): Port='Virtual-Access1' list=''
   service=NET
  17:28:24: AAA/AUTHOR/IPCP: Vi1 (923857566) user='jsmith@hp.com'
  17:28:24: AAA/AUTHOR/IPCP: Vi1 (923857566) send AV service=ppp
  17:28:24: AAA/AUTHOR/IPCP: Vi1 (923857566) send AV protocol=ip
  17:28:24: AAA/AUTHOR/IPCP: Vi1 (923857566) send AV addr*1.1.1.1
  17:28:24: AAA/AUTHOR/IPCP (923857566) found list "default"
  17:28:24: AAA/AUTHOR/IPCP: Vi1 (923857566) Method=RADIUS
  17:28:24: AAA/AUTHOR (923857566): Post authorization status = PASS_REPL
  17:28:24: AAA/AUTHOR/IPCP Vi1: Reject 1.1.1.1, using 1.1.1.1
  17:28:24: AAA/AUTHOR/IPCP Vi1: Processing AV service=ppp
  17:28:24: AAA/AUTHOR/IPCP Vi1: Processing AV addr*1.1.1.1
  17:28:24: AAA/AUTHOR/IPCP Vi1: Authorization succeeded
  17:28:24: AAA/AUTHOR/IPCP Vi1: Done. Her address 1.1.1.1, we want 1.1.1.1
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
   changed state to up
  Sneetches#
  
  (ユーザは完了し、接続を解除します。)
  
  Sneetches#
  17:28:50: Vi1 VPDN: Reset
  17:28:50: Vi1 VPDN: Reset
  %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
  17:28:50: Vi1 VPDN: Cleanup
  17:28:50: Vi1 VPDN: Reset
  17:28:50: Vi1 VPDN: Reset
  17:28:50: Vi1 VPDN: Unbind interface
  17:28:50: Vi1 VPDN: Reset
  17:28:50: Vi1 VPDN: Reset
  17:28:50: AAA/ACCT/NET/STOP User jsmith@hp.com, Port Virtual-Access1:
  task_id=14 start_time=900759731 timezone=UTC service=ppp protocol=ip addr=1.1.1.1
  disc-cause=2 disc-cause-ext=1011 pre-bytes-in=0 pre-bytes-out=42
  pre-paks-in=0 pre-paks-out=2 bytes_in=882 bytes_out=356 paks_in=17 paks_out=11
  pre-session-time=0 elapsed_time=27 data-rate=0 xmit-rate=0
  17:28:50: RADIUS: Computed extended port value 0:60100:
  17:28:50: RADIUS: Initial Transmit id 56 171.68.118.101:1646, Accounting-Request,
   len 129
  17:28:50: Attribute 4 6 0A1F0132
  17:28:50: Attribute 5 6 0000EAC4
  17:28:50: Attribute 1 15 6A736D69
  17:28:50: Attribute 40 6 00000002
  17:28:50: Attribute 45 6 00000001
  17:28:50: Attribute 6 6 00000002
  17:28:50: Attribute 44 10 30303030
  17:28:50: Attribute 7 6 00000001
  17:28:50: Attribute 8 6 01010101
  17:28:50: Attribute 49 6 00000002
  17:28:50: Attribute 42 6 00000372
  17:28:50: Attribute 43 6 00000164
  17:28:50: Attribute 47 6 00000011
  17:28:50: Attribute 48 6 0000000B
  17:28:50: Attribute 46 6 0000001B
  17:28:50: Attribute 41 6 00000000
  17:28:50: RADIUS: Received from id 56 171.68.118.101:1646, Accounting-response,
   len 20
  17:28:50: AAA/AUTHEN: free_user (0x143368) user='jsmith@hp.com' ruser=''
   port='Virtual-Access1'
  rem_addr='async' authen_type=CHAP service=PPP priv=1
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
   changed state to down
  Sneetches#

関連するシスコ サポート コミュニティ ディスカッション

シスコ サポート コミュニティは、どなたでも投稿や回答ができる情報交換スペースです。


関連情報


Document ID: 4675